The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-10-25T04:00:00

Updated: 2024-08-08T03:19:28.716Z

Reserved: 2002-10-24T00:00:00

Link: CVE-2002-1235

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-11-04T05:00:00.000

Modified: 2024-11-20T23:40:52.983

Link: CVE-2002-1235

cve-icon Redhat

Severity : Critical

Publid Date: 2002-10-23T00:00:00Z

Links: CVE-2002-1235 - Bugzilla